No more secrets

Tony Blair insists his government is not building a Big Brother-style super-database. But all the talk of 'perfectly sensible' reforms and 'transformational government' masks a chilling assault on our privacy, says Steve Boggan

Earlier this year, Tony Blair announced plans to allow government departments to share more information about us, while rubbishing the suggestion that this would lead to the creation of a "Big Brother" super-database. At the moment, he said, over-zealous rules on data-sharing leave government departments hamstrung. Each one stores information on us, and much of it is out of date. Ministers even cited the disturbing case of one man who had had to contact 44 branches of government to sort out affairs when a family member died. How much simpler it would be, then, to have all our identity information in one place where it could be easily updated with one phone call or letter.

To most people, unfamiliar with the myriad government proposals and strategy documents on "e-government" and data sharing, it might have sounded like a good idea - even "perfectly sensible", as Blair put it. Besides, what was wrong with government departments actually talking to each other? Isn't that what we want - joined-up government? At the time, the prime minister and John Hutton, secretary of state at the Department for Work and Pensions (DWP), which is spearheading plans for data sharing, said it would not be necessary to set up a new super-database for all this information. That is true. What some people may not have understood, however, is that a database that will make all this possible - the national identity register - is already under construction. Or that civil servants are expecting up to 265 government departments and 44,000 accredited "private sector organisations" to use it to verify your identity.

Nor did they say that each time such verification takes place, that check - and who made it - will be recorded, leading to an audit trail that could build up a detailed picture of you and your life. Prying eyes could work out where you travel, what kind of goods you buy, the fact that you have applied for a loan, what benefits you are claiming, that you have had a prescription or re-mortgaged your house. With a little imagination, the list simply grows and grows.

If you want to know the potential for the amount of information that could be collated and cross-referenced with the use of the national identity register and your unique ID number, it is necessary to fit together the pieces of a complex jigsaw puzzle found in documents published by the Treasury, the Home Office, the Office for National Statistics, the Cabinet Office, the Department for Constitutional Affairs and the DWP. For while Tony Blair thinks it would be useful for government to have all our ID information in one place, we have to fish around for the facts that could affect us.

Before we take a closer look at what these departments want to do with our information, it would be useful to remind ourselves of what the national identity register will be and what information (at the moment) the law says it can hold on us. Last March, the Identity Cards Act became law and provided for the creation of a national identity register that could hold more than 50 items of information on you, recorded when you apply to renew your passport. Significantly, the act was framed in such a way that more items could be added in future but, at present, they include: your name, signature, other names by which you have been known, your date of birth, place of birth, gender, where you live, all your homes in the UK and abroad and where you have ever lived.

The register will also hold biometric details: your picture, all your fingerprints and images of your irises. Your residential status (if you are an immigrant) will be recorded, as will your national insurance number and passport details. Your driving licence number will be on there, as will all details of your new national identity card - when it was issued, whether you have lost one, requested a replacement and so on.

The register will also record the details of how you proved your identity in the first place and will log all the times anyone has used the register to check who you are. It will, therefore, store details of all the people and organisations who have used it to check your ID - a government department, your bank, airlines, the dealer from whom you bought your car and all the other commercial outlets that confirm your identity before you make significant purchases of goods or services.

All of this, of course, is related to your use of a national identity card with its unique identifier number. According to the Strategic Action Plan for the National Identity Scheme, published by the Home Office in December, work on biometrics, including a "joint venture" with the Criminal Records Bureau and the setting up of partnerships with the private sector to produce the card and the national identity register, will be well advanced by June.

In December, John Reid, the Home Secretary, said he would like it to be implemented rapidly, beginning with biometric cards for foreign nationals in 2008 and cards for British citizens, issued - voluntarily at first - with biometric passports, in 2009. (The Tories have said they will scrap the scheme if they come to power.) The cost of "rolling out" the scheme has been put at £5.4bn, but critics argue that given the government's appalling record on IT projects that figure could rise to as much as £20bn.

In order for the cards to be made compulsory, there would have to be further votes in the House of Commons and the House of Lords. However, an examination of the various government department plans suggests that civil servants and advisers favour a compulsory scheme in the future.

The Citizen Information Project, a report made by the Office for National Statistics in 2003, recommended the use of the national identity register as a population register and advocated more widespread sharing of information among government departments. Over 10 years, it says, £685m could be saved if the national identity register was used as such a population register and adds: "We believe that there is significant value to both citizens and the government in greater sharing of contact details (name, address, date of birth, reference numbers) in a secure way across the public sector. This should be implemented through the government's proposed identity cards scheme on the basis that the scheme eventually becomes compulsory.

"We also need to look to further embed efficiency through data sharing as a standard practice across the public sector, rather than something considered within niche projects."

At present, the Data Protection Act allows sharing of information on a very limited basis where it is needed for specified purposes only - not "across the public sector".

Another document, Transformational Government Enabled by Technology (with the snappy sub-heading Citizen and Business-centred Shared Services, Professionally Delivered), was published by the Cabinet Office in November 2005. It contains a foreword by the prime minister, in which he says: "Within the public services we have to use technology to join up and share services rather than duplicate them. It is a simple fact that we are stronger and more effective when we work together than apart. It is also self-evident that we will only be able to deliver the full benefits to customers that these new systems offer through using technology to integrate the process of government at the centre." Quite reasonably, it says that there is much waste in government departments acting as "islands", each storing information on individuals that might be outdated. And it is vital here to understand that the national identity register will not, in itself, amount to a Big Brother database with all your sensitive information on it, your criminal record or personal files from those "islands". However, your audit trail, with your unique identifier number, makes such a massive central database unnecessary. If, for example, the security services wanted to find out about you, this would allow them to pull together everything about you from all the other government and commercial databases.

Last September, plans for sharing our data across departments - and the strains that might put on Data Protection legislation - became clearer with the publication of the Department for Constitutional Affairs' "Information Sharing Vision Statement". That put much emphasis on citizens' privacy being safeguarded by the Data Protection Act, but paved the way for sharing of information on a grand scale.

The statement argues that data-sharing will make government more efficient. It remains to be seen whether such efficiencies will be made at a cost to privacy.

Take this, for example, on how sharing of information might affect an ordinary citizen claiming, say, pension credit. The vision statement says: "The pension service will gather information for council tax benefit from customers when they claim pension credit. For those customers who receive pension credit, the relevant local authority will be notified of the decision and will be passed relevant council tax benefit supplementary information.

"The local authority will then check for council tax liability and verify any relevant additional information before making an assessment and award of council tax benefit."

So, on one hand, you might find you qualify unexpectedly for council tax benefit. On the other, information will have been shared about you without your knowledge.

But why should we care? Don't we expect such people to know all about us? And won't this lead to much more efficient government? Perhaps, but a qualification in the example above might give us a clue as to where all this might go. After giving the council tax benefit example, the vision statement adds: "Legislation may be needed to enable these changes."

This is likely to relate to the Data Protection Act's second principle, which states that information may be shared only for one or more specified purposes. But as data sharing is increasingly adopted as good practice, the temptation for wider, unspecified sharing may grow.

Civil liberties groups are worried that at some point in the future, the amounts of information allowed to be stored on the national identity register may also increase. For this to happen, the home secretary needs to put a simple order before parliament. Instead of new legislation, which must be passed through a number of readings and committee stages, such an order would require only a single vote. "Our concern is that, whatever the government says the register's uses are at the beginning, it would be nonsensical for it not to extend them - if only for reasons of cost-effectiveness - to gather more information about us and to increase the numbers of people who can access it for convenience," says Gareth Crossman, director of policy at Liberty. "It makes no sense whatsoever to design a system like this and then not use it to its full potential. Political expediency makes this the logical approach. When ID cards were first introduced in the second world war, they had three purposes: national security, to aid conscription and for rationing. In 1950, a parliamentary commission was set up by Winston Churchill to look at the cards and found that by then they were being used for 39 purposes. We believe such an expansion of uses will happen with the new ID card and the register."

Only last week, Tony Blair announced that police would be able to check fingerprints from crime scenes with biometric information on the national identity register. Opposition politicians immediately denounced the prospect of "fishing expeditions", with the Conservatives complaining that it would inevitably lead to miscarriages of justice.

Phil Booth, national coordinator of the No2ID campaign (www.no2id.net), spends all his time pulling together pieces of fresh information on where the ID cards scheme might be going. "My main concern is the audit trail that will be built up on you in the national identity register," he says.

"Each time anyone checks on your ID, it will be recorded. That means that over time the authorities could build up a very accurate picture of everything you do. That audit trail then becomes the key to the data that is stored on all other databases no matter where they are kept. It is not necessary to have a giant database because your ID number and the audit trail provide the key to the information on all the other databases."

According to a document published by the Identity and Passport Service, a branch of the Home Office, entitled Procurement Strategy Market Soundings, large sections of the production and administration of the ID card scheme and the national identity register will be implemented and administered by the private sector. While much will be retained in-house for security reasons - with, we are assured, significant privacy safeguards in place - commercial entities will either produce or have access to limited parts of the register for the purpose of validating identities.

At one point, encouraging private business to become involved, the strategy document says: "On current forecasts, identity verification transactions are anticipated to rise to 163m per year (successful take-up of the identity card scheme could see this level considerably exceeded) with 265 government departments and as many as 44,000 private sector organisations accredited."

The information commissioner's office, which monitors data protection matters, is keeping a close eye on all this to ensure that commercial access is limited only to the verification of ID and that information is neither held nor shared inappropriately. But as plans for the register move forward - and, as we have seen, new legislation might be brought in to weaken data protection law - the development of safeguards is a work in progress.

The assistant commissioner, John Bamford, says there will be strict controls on how data is shared and for how long details of ID checks - forming your audit trail - are held.

"On the one hand, it is necessary to keep details of who has used the register to verify your ID so that checks can be made to ensure no one is misusing the system, and so you can check it yourself online," he says. "On the other, we will want assurances that that data or the information shared among government departments is used in line with data protection law and is not held longer than is absolutely necessary. Our concern is to get this right at the outset because once the genie is out of the bottle, it is a huge genie to get back in."

For now, the Department of Work and Pensions, whose vast database, the Customer Information System, will form the basis for the national identity register, is giving assurances that the sharing of data and access to it will be strictly limited and tightly controlled. Civil servants, it says, will only have access to specific pieces of information about you through rigorously controlled channels called "statutory gateways".

The Identity Cards Act makes provision for the establishment of a national identity scheme commissioner to monitor the whole thing. But it also provides for the sharing of your data - without your consent - with the director general of the security service, the chief of the intelligence service, the director of communications at GCHQ, the director general of the Serious Organised Crime Agency and chief police officers up and down the country. And this, the act says, is not something the commissioner may keep under review. He will have no watchdog powers over the security services in this regard.

The prime minister likes to call all this "transformational government" and few would deny that changes are, indeed, taking place. For example, next year will see the introduction of the children's information sharing index, which will track every child, and all services they receive, from birth. And, of course, there is the NHS care records system, the so-called Spine database on which the government wants to hold all personal health information.

Once you have a national identity card, a number and an audit trail, all of this - and everything every government department, bank or supermarket has on you - could be accessed, without your knowledge or consent, by the security services, justified by their slightest suspicion of you. And the national identity scheme commissioner, the watchdog without teeth, wouldn't be able to so much as growl.